Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JBoss Enterprise Application Platform远程拒绝服务漏洞
Vulnerability Description
Red Hat JBoss Enterprise Application Platform(EAP)是美国红帽(Red Hat)公司的一套开源、基于J2EE的中间件平台。该平台主要用于构建、部署和托管Java应用程序与服务。 JBossWS Native中的wsf/common/DOMUtils.java文件中存在安全漏洞,该漏洞源于在实体扩展期间程序没有正确处理递归。远程攻击者可通过发送通过包含带有DOCTYPE声明和大量嵌套式实体引用的XML文档的特制请求利用该漏洞造成拒绝服务(内存和CPU耗尽)。以
CVSS Information
N/A
Vulnerability Type
N/A